Sunday, September 25, 2016

Catatan IPTALBES

Di bawah ini catatan /etc/sysconfig/iptables yang pernah saya gunakan.
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#==========================================================================================================
#RFC 1918
-A INPUT -i eth0 -s 10.0.0.0/24        -j DROP
-A INPUT -i eth0 -s 172.16.0.0/12      -j DROP
-A INPUT -i eth0 -s 192.168.0.0/16     -j DROP
-A INPUT -i eth0 -s 224.0.0.0/4        -j DROP
-A INPUT -i eth0 -s 240.0.0.0/5        -j DROP
#Multicast
-A INPUT -i eth0 -d 127.0.0.0/8        -j DROP
-A INPUT -i eth0 -s 169.254.0.0/16     -j DROP
-A INPUT -i eth0 -s 0.0.0.0/8          -j DROP
-A INPUT -i eth0 -s 240.0.0.0/4        -j DROP
-A INPUT -i eth0 -s 255.255.255.255/32 -j DROP
-A INPUT -i eth0 -s 168.254.0.0/16     -j DROP
-A INPUT -i eth0 -s 248.0.0.0/5        -j DROP
# Drop invalid packets.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST              -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,FIN FIN                  -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG                  -j DROP
# ICMP
#-A RH-Firewall-1-INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
#-A RH-Firewall-1-INPUT -p icmp --icmp-type time-exceeded           -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-reply              -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request            -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any                     -j DROP
# LOG
# <0>KERN_EMERG:system is unusable               |<3>KERN_ERR:error conditions        |<6>KERN_INFO:informational
# <1>KERN_ALERT:action must be taken immediately |<4>KERN_WARNING:warning conditions  |<7>KERN_DEBUG:debug-level messages
# <2>KERN_CRIT:critical conditions               |<5>KERN_NOTICE:normal but significant condition
#-A RH-Firewall-1-INPUT  -m limit --limit 15/minute -j LOG --log-level 6 --log-prefix "FW_INPUT_DROPPED: "
#-A OUTPUT -m limit --limit 15/minute -j LOG --log-level 7 --log-prefix "FW_OUTPUT_DROPPED: "
#-A INPUT  -m limit --limit 10/second --limit-burst 20 -j LOG --log-level 7 --log-prefix "FW_INPUT_DROPPED: "
#==========================================================================================================
# Open Port : 25(SMTP), 80(HTTP), 443(HTTPS)
#==========================================================================================================
-A RH-Firewall-1-INPUT -m state --state NEW                             -m tcp -p tcp --dport 80  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW                             -m tcp -p tcp --dport 443 -j ACCEPT
#==========================================================================================================
# Open Port 22(SSH) for Internal IP Only
#==========================================================================================================
-A RH-Firewall-1-INPUT -m state --state NEW -s 10.10.10.0/255.255.255.0 -m tcp -p tcp --dport 22  -j ACCEPT
#==========================================================================================================
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -j REJECT -p tcp --reject-with tcp-reset
-A RH-Firewall-1-INPUT -j LOG
-A RH-Firewall-1-INPUT -j DROP
COMMIT

Sunday, September 18, 2016

Memantau penggunaan bandwidth Indihome dengan perangkat ZTE F660

Sehubungan perangkat ZTE F660 tidak dapat dipantau menggunakan SNMP seperti perangkat sebelumnya (ZTE-ZXV10W300), maka saya mencoba memataunya menggunakan bash script.
Hasilnya saya tampilkan menggunakan Cacti.
Berikut ini data Cacti yang saya gunakan :

Cacti Version : 0.8.8a
Cacti OS : unix (Linux version 2.6.18-164.el5)
SNMP Version  : NET-SNMP version: 5.3.2.2
RRDTool Version  : RRDTool 1.4.x

Urutan pembuatannya sbb :

1. Tempatkan script di bawah pada folder '<path_cacti>/scripts/wjspeed.sh'
Pastikan ownernya dan attribut file tsb dapat dieksekusi (chmod 555/755) 
 
#!/bin/bash
#
export WJ_FILETMP=/tmp/wjspeed.tmp
export WJ_FILELOG=/tmp/wjspeed.log

export WJ_TARGET=192.168.1.1
export WJ_USER=root
export WJ_PASS=Zte521
export WJ_INTR=ppp0

echo -n "`date`" > $WJ_FILETMP
# Start the expect script
(expect -c "
set timeout 10
# Start the session with the input variable and the rest of the hostname
spawn telnet $WJ_TARGET
expect \"*ogin:\"
send   \"$WJ_USER\r\"
expect \"*assword:\"
send   \"$WJ_PASS\r\"
expect \"*#\"
send   \"ifconfig $WJ_INTR | grep bytes\r\"
expect \"*#\"
send   \"exit\r\"
#
# stop the expect script once the telnet session is closed
exit
") | grep RX | sed -e 's/^       //g' | sed -e 's/:/=/g' >> $WJ_FILETMP

if [ "`grep RX $WJ_FILETMP`" ]
then
   head -1 $WJ_FILELOG >> $WJ_FILETMP
   cat     $WJ_FILETMP  > $WJ_FILELOG
fi
#echo "   RX bytes=0 (0 MiB)  TX bytes=0 (0 MiB)" >> $WJ_FILETMP


if [ "`wc -l $WJ_FILELOG | cut -d' ' -f1`" = "2" ]
then
   R2=`head -1 $WJ_FILELOG | cut -d'=' -f2 | awk '{print  $1}'`
   T2=`head -1 $WJ_FILELOG | cut -d'=' -f3 | awk '{print  $1}'`

   R1=`tail -1 $WJ_FILELOG | cut -d'=' -f2 | awk '{print  $1}'`
   T1=`tail -1 $WJ_FILELOG | cut -d'=' -f3 | awk '{print  $1}'`

   TBPS=`expr $T2 - $T1` ; TBPS=`expr $TBPS / 300`
   RBPS=`expr $R2 - $R1` ; RBPS=`expr $RBPS / 300`

   #After restart R2&T2 will be 0, R1&T1 will still using old counter
   [ "$TBPS" -ge "1250000" ] && TBPS=0
   [ "$RBPS" -ge "1250000" ] && RBPS=0

   echo "tx:$TBPS rx:$RBPS"
else
   echo "tx:0 rx:0"
fi


2. Buat 'Data Input Methods'





3. Buat 'Data Templates'




4. Buat 'Graph Templates'
 



5. Buat 'Graph Management'



Selamat Mencoba


Sunday, September 11, 2016

Update Dynamic DNS menggunakan cron pada Linux

Berikut ini script yang saya gunakan untuk mengupdate Dynamic DNS menggunakan cron pada OS Linux.
Silahkan di-co-pas dan disesuaikan dengan keperluan anda, tempatkan  pada : /u/wjdynDNS/wjdynDNS.sh
Selamat mencoba

#!/bin/bash
#
# Declare host variable as the input variable
unset  WJ_IPCURR WJ_IPLAST
export WJ_FILETMP=/tmp/wjtelnet.tmp
export WJ_LASTLOG=/u/wjdynDNS/log/wjtelnet.log.`date +%m` ; [ ! -f $WJ_LASTLOG ] && touch $WJ_LASTLOG

WJ_LOG()
{
#Menggunakan print agar keluarannya dapat diatur posisinya
  printf "%-15s %s %-25s %s\n" $WJ_IPCURR "`date '+%a %Y-%m-%d %H:%M:%S'`" $1 >> $WJ_LASTLOG
}

export WJ_TARGET=192.168.1.1
export WJ_USER=root
export WJ_PASS=Zte521
export WJ_INTR=ppp0

# Start the expect script
(expect -c "
set timeout 10
# Start the session with the input variable and the rest of the hostname
spawn telnet $WJ_TARGET
expect \"*ogin:\"
send   \"$WJ_USER\r\"
expect \"*assword:\"
send   \"$WJ_PASS\r\"
expect \"*#\"
send   \"ifconfig $WJ_INTR | grep addr\r\"
expect \"*#\"
send   \"exit\r\"
#
# stop the expect script once the telnet session is closed
exit
") | grep 'inet addr' > $WJ_FILETMP

WJ_IPCURR="`sed -e 's/:/ /g' $WJ_FILETMP | awk '{print $3}'`"

WJ_LASTLOGx=$WJ_LASTLOG ; [ ! -s $WJ_LASTLOGx ] && WJ_LASTLOGx=${WJ_LASTLOG%.*}.`date +%m -d 'yesterday' `
WJ_IPLAST="`tail -1 $WJ_LASTLOGx | awk '{print $1}'`"


if [[ $WJ_IPCURR =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
then
   if [ "$WJ_IPCURR" = "$WJ_IPLAST" ]
   then
       WJ_LOG "_skipped_"
   else
       #Silahkan masukkan script/Dynamic DNS anda disini.
       #Contoh untuk www.noip.com
       #/u/noip/noip2 -c /u/noip/noip2.conf

       WJ_LOG "_executed_"
   fi
else
   WJ_LOG "-get_IP_failed-"
fi

Dan ini crontab-nya :

# Minute  Hour  Day of Month      Month          Day of Week      Command
# (0-59) (0-23)    (1-31)    (1-12 or Jan-Dec) (0-6 or Sun-Sat) (full path)
#-------+------+------------+-----------------+----------------+------------------------------------------------------------+
 0-59/15      *      *              *                 *        /u/wjdynDNS/wjdynDNS.sh

Sunday, September 4, 2016

Backup Konfigurasi ZTE F660 menggunakan bash dan cron pada Linux


Iseng-iseng membuat backup konfigurasi ZTE F660 dari Telkom menggunakan cron pada Linux.

Ini script-nya, silahkan di-co-pas dan ditempatkan pada : /u/wjbackup/wjbackup.sh

#!/bin/bash
#
export WJ_FILELOG=/u/wjbackup/log/wjbackup-`date +%Y%m%d%H%M%S`.log

export WJ_TARGET=192.168.1.1
export WJ_USER=root
export WJ_PASS=Zte521

echo "`date`" > $WJ_FILELOG
echo "============================" >>$WJ_FILELOG

# Start the expect script
(expect -c "
#Uncomment next line for debug
#exp_internal 1
set timeout 15
# Start the session with the input variable and the rest of the hostname
spawn telnet $WJ_TARGET
expect \"*ogin:\"
send   \"$WJ_USER\r\"
expect \"*assword:\"
send   \"$WJ_PASS\r\"
expect \"*#\"
send   \"date\r\"
expect \"*#\"
send   \"cat /userconfig/cfg/db_user_cfg.xml\r\"
expect \"/ # \"
send   \"exit\r\"
#
# stop the expect script once the telnet session is closed
exit
") >> $WJ_FILELOG

Dan ini crontab-nya, silahkan sesuaikan waktu backupnya :

# Minute  Hour  Day of Month      Month          Day of Week      Command
# (0-59) (0-23)    (1-31)    (1-12 or Jan-Dec) (0-6 or Sun-Sat) (full path)
#-------+------+------------+-----------------+----------------+------------------------------------------------------------+
    00      13       *              *                 *        /u/wjbackup/wjbackup.sh

Catatan :
Hasil backup ini sengaja saya simpan seutuhnya (termasuk perintah telnet-nya) untuk kebutuhan pencatatan.
Sedangan configurasi yang dibutuhkan dimulai dari baris ke 17 (dimulai dari <DB>) hingga baris kedua terbawah (</DB>)

Selamat mencoba